Importing a certificate into the system-wide CA database

You can use a system-wide CA database to ensure that any applications that use the database trust any of the certificates that are stored on it. You can import the certificates that you create for SSL between the Logstash and LFA servers into this type of database. This step is optional.

About this task

Procedure

  1. To copy the certificate to the system-wide database, enter the following command:
    $ sudo cp mycert.pem /usr/share/ca-certificates/<cert_name>.crt
    where <cert_name> is the name of the cert that you want to import.
  2. Add the names of the files that you import to the CA certificate configuration manually or you can use a command.
    To add the CA certificates with a command, enter the following command:
    sudo dpkg-reconfigure ca-certificates
    To manually add the certificate names, edit the /etc/ca-certificates.conf file. Add the list of certificate names at the end of the code after the last hashtag (#). For example:
    
    # This file lists certificates that you wish to use or to ignore to be
    # installed in /etc/ssl/certs.
    # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
    #
    # This is autogenerated by dpkg-reconfigure ca-certificates.
    # certificates shoule be installed under /usr/share/ca-certificates
    # and files with extension '.crt' is recognized as available certs.
    #
    # line begins with # is comment.
    # line begins with ! is certificate filename to be deselected.
    #
    <cert_name>.crt
    example.com/example.com.crt
    where <cert_name>.crt is the certificate file that you want to import.
  3. To update the system-wide database, enter the following command:
    $ sudo update-ca-certificates

Results

You imported your CA certificates into the system-wide database. All the applications that use the database can now trust this certificate.